diff --git a/.images/lucas's_home_network.png b/.images/lucas's_home_network.png new file mode 100644 index 0000000..d3f8820 Binary files /dev/null and b/.images/lucas's_home_network.png differ diff --git a/.images/me.png b/.images/me.png new file mode 100644 index 0000000..119bfad Binary files /dev/null and b/.images/me.png differ diff --git a/Guides/create-shh-keys.md b/Guides/create-shh-keys.md new file mode 100644 index 0000000..3342c9d --- /dev/null +++ b/Guides/create-shh-keys.md @@ -0,0 +1,21 @@ +# Creating SSH Key + +Ideally the following steps are completed on the device and user which you want to allow the connection from, so it will be saved in their `~/.ssh` folder. + +Run the following commands: +```bash +cd ~/.ssh +ssh-keygen -t ed25519 -C "your_email@example.com" +``` + +> [!NOTE] +> You can also use a name instead of the email address i.e. `"lucas-desktop"` + +## Add Keys to ssh-agent +Run the following command +`ssh-add ~/.ssh/id_ed25519` + +Replace `id_ed25519` in the command with the name of your private key file + +## Add Public key to Gitea +`cat` the contents of the public key and add it into Gitea under **Settings** > **SSH / GPG Keys** > **Add key**. diff --git a/Guides/generate-wireguard.md b/Guides/generate-wireguard.md new file mode 100644 index 0000000..072ee44 --- /dev/null +++ b/Guides/generate-wireguard.md 
@@ -0,0 +1,52 @@ +# Manually Generate Wireguard Peer in OPNsense + +This guide details how to manually (not using the Peer Generator) generate a new Wireguard peer in OPNsense. + + +## Requirements +The `wireguard-tools` package must be installed to generate the public and private keys. + + + +### 1. Create a Peer + +1. Generate a new public and private key with +`wg genkey | tee privatekey | wg pubkey > publickey` +This will create two files in the current directory with the public and private key. Save these for later. + +2. In the OPNsense UI go to VPN > Wireguard > Peers, and click the + to add a new peer + +3. Fill in the details: + - **Name**: Enter a name for the peer + - **Public key**: Paste the public key you generated earlier + - **Pre-shared key**: Generate a key if desired and save it for later + - **Allowed IPs**: Specify the IP address or subnet that this peer is allowed to use (e.g., 10.0.60.2/32). Check your existing peers to ensure it is not already used + - **Endpoint address**: Leave blank if the client will be roaming + - **Endpoint port**: Leave blank + - **Instances** Choose appropriate instance + - **Keepalive**: Can be left blank + +4. Save the Configuration + +### 2. Create the Wireguard Config File + +1. Create a new file called `.conf`. You can choose the name. +2. Copy and paste the contents from below into the file and update the values: +``` +[Interface] +PrivateKey = +Address = 10.0.60.2/32 # Use the same IP address or subnet specified in OPNsense +DNS = 8.8.8.8 # Optional: Specify a DNS server, not required if only routing resources (not an Internet connection) or using DNS names. + +[Peer] +PublicKey = +PresharedKey = # Only needed if generated in previous step +Endpoint = :51820 # Replace with the OPNsense public IP and port +AllowedIPs = 0.0.0.0/0 # Route all traffic through the VPN +``` + +Replace `private-key`, `opnsense-public-key`, `preshared-key`, and `opnsense-public-ip` with the appropriate values. 
+ +For `AllowedIPs`, setting `0.0.0.0/0` will route all IPv4 addresses via the VPN connection. If only access to resources and no internet connection is required, the subnets can be added here i.e. `10.0.60.0/24, 10.0.70.0/24` + +4. Import the `.conf` file into the VPN connection settings on the client device and test the connection. \ No newline at end of file diff --git a/Home.md b/Home.md index 5d08b7b..032b46a 100644 --- a/Home.md +++ b/Home.md @@ -1 +1,19 @@ -Welcome to the Wiki. \ No newline at end of file +# Welcome to my Wiki + +![](.images/me.png) + +This site contains various articles and guides written by myself.  + +This is partly for my reference, as well as provide insight into my home lab and the projects I do around this.  +Others may come across these guides when trying to search how to do something - a place where I find myself often, and i always appreciate it when others make guides that assist me with my projects. There may also be some content here that I created in my university studies or work. + +Please note that all work here is not intended to be definitive, and may not be best practice. Please combine my work with your own investigations.  +All content posted here is welcome to scrutinization.  + +For an overview of exactly what I work on, here is a network diagram: + +![](/.images/lucas's_home_network.png) + +# Site Content + +There is not much available here at the moment, check back later! \ No newline at end of file
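Review bot: The new guide is added as `Guides/create-shh-keys.md`; `shh` looks like a typo for `ssh`, and renaming it after publication breaks any links to the page, so it is worth fixing in this commit. In the first command block, `cd ~/.ssh` fails on an account that has never used SSH because the directory does not exist yet. ssh-keygen already offers `~/.ssh/id_ed25519` as its default path regardless of the working directory, so the `cd` can be dropped, or preceded by `mkdir -p ~/.ssh && chmod 700 ~/.ssh`. The guide should also tell the reader to set a passphrase at the ssh-keygen prompt, since the next section loads the key into ssh-agent and the passphrase then only has to be typed once.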
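Review bot: In step 1 of `Guides/generate-wireguard.md`, `wg genkey | tee privatekey | wg pubkey > publickey` creates `privatekey` under the shell's default umask, which on most systems leaves it readable by other local users. Have the reader run `umask 077` in the same shell first, and say to delete the file once the key has been copied into the client config. In the config template, the values after `PrivateKey =`, `PublicKey =` and `PresharedKey =` and the host part of `Endpoint = :51820` are empty, and the file name reads `.conf`, yet the following sentence tells the reader to replace `private-key`, `opnsense-public-key`, `preshared-key` and `opnsense-public-ip`, none of which appear in the template; put those placeholder names into the template so the instruction has something to refer to. The numbered list in section 2 also jumps from 2 to 4.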
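Review bot: The two image links added to `Home.md` use different path forms, `.images/me.png` (relative) and `/.images/lucas's_home_network.png` (root-absolute), so one of them is likely to break depending on how the wiki resolves paths; use the same form for both. The apostrophe in `lucas's_home_network.png` is best avoided in a file name that ends up in a URL, and a plain name such as `home_network.png` is safer. Both images have empty alt text (`![]`). The added text also has a few wording slips: `i always`, `scrutinization` (scrutiny) and `as well as provide` (to provide).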